texlive/texlive-source-CVE-2007-0650.patch
2007-12-02 08:03:19 +00:00

102 lines
3.3 KiB
Diff

--- texk/makeindexk/mkind.c
+++ texk/makeindexk/mkind.c 2007-02-06 13:43:26.000000000 +0100
@@ -179,7 +179,9 @@ char *argv[];
argc--;
if (argc <= 0)
FATAL("Expected -p <num>\n","");
- strcpy(pageno, *++argv);
+ if (strlen(*++argv) >= sizeof(pageno))
+ FATAL("Page number too high\n","");
+ strcpy(pageno, *argv);
init_page = TRUE;
if (STREQ(pageno, EVEN)) {
log_given = TRUE;
@@ -227,10 +229,10 @@ char *argv[];
if (fn_no == 0 && !sty_given)
{
- char tmp[STRING_MAX + 5];
+ char tmp[STRING_MAX];
/* base set by last call to check_idx */
- sprintf (tmp, "%s%s", base, INDEX_STY);
+ snprintf (tmp, sizeof(tmp), "%s%s", base, INDEX_STY);
if (0 == access(tmp, R_OK)) {
open_sty (tmp);
sty_given = TRUE;
@@ -407,7 +409,7 @@ int open_fn;
if ((idx_fn = (char *) malloc(STRING_MAX)) == NULL)
FATAL("Not enough core...abort.\n", "");
- sprintf(idx_fn, "%s%s", base, INDEX_IDX);
+ snprintf(idx_fn, STRING_MAX, "%s%s", base, INDEX_IDX);
if ((open_fn &&
((idx_fp = OPEN_IN(idx_fn)) == NULL)
) ||
@@ -434,7 +436,7 @@ int log_given;
/* index output file */
if (!ind_given) {
- sprintf(ind, "%s%s", base, INDEX_IND);
+ snprintf(ind, sizeof(ind), "%s%s", base, INDEX_IND);
ind_fn = ind;
}
if ((ind_fp = OPEN_OUT(ind_fn)) == NULL)
@@ -442,14 +444,14 @@ int log_given;
/* index transcript file */
if (!ilg_given) {
- sprintf(ilg, "%s%s", base, INDEX_ILG);
+ snprintf(ilg, sizeof(ilg), "%s%s", base, INDEX_ILG);
ilg_fn = ilg;
}
if ((ilg_fp = OPEN_OUT(ilg_fn)) == NULL)
FATAL("Can't create transcript file %s.\n", ilg_fn);
if (log_given) {
- sprintf(log_fn, "%s%s", base, INDEX_LOG);
+ snprintf(log_fn, sizeof(log_fn), "%s%s", base, INDEX_LOG);
if ((log_fp = OPEN_IN(log_fn)) == NULL) {
FATAL("Source log file %s not found.\n", log_fn);
} else {
@@ -505,6 +507,9 @@ char *fn;
if ((found = kpse_find_file (fn, kpse_ist_format, 1)) == NULL) {
FATAL("Index style file %s not found.\n", fn);
} else {
+ if (strlen(found) >= sizeof(sty_fn)) {
+ FATAL("Style file %s too long.\n", found);
+ }
strcpy(sty_fn,found);
if ((sty_fp = OPEN_IN(sty_fn)) == NULL) {
FATAL("Could not open style file %s.\n", sty_fn);
@@ -512,6 +517,9 @@ char *fn;
}
#else
if ((path = getenv(STYLE_PATH)) == NULL) {
+ if (strlen(fn) >= sizeof(sty_fn)) {
+ FATAL("Style file %s too long.\n", fn);
+ }
/* style input path not defined */
strcpy(sty_fn, fn);
sty_fp = OPEN_IN(sty_fn);
--- texk/makeindexk/mkind.h
+++ texk/makeindexk/mkind.h 2007-02-06 13:42:38.000000000 +0100
@@ -322,7 +322,7 @@ ensuing.
#ifdef LINE_MAX /* IBM RS/6000 AIX has this in <sys/limits.h> */
#undef LINE_MAX
#endif
-#define LINE_MAX 72 /* maximum output line length (longer */
+#define LINE_MAX _POSIX2_LINE_MAX /* maximum output line length (longer */
/* ones wrap if possible) */
#define NUMBER_MAX 16 /* maximum digits in a Roman or Arabic */
@@ -337,7 +337,7 @@ ensuing.
#define ROMAN_MAX 16 /* maximum length of Roman page number */
/* field */
-#define STRING_MAX 256 /* maximum length of host filename */
+#define STRING_MAX _POSIX2_LINE_MAX /* maximum length of host filename */
/*====================================================================*/